Bug#610948: unblock: ghostscript/8.71~dfsg2-8
Jonathan Nieder wrote:
> I've tested that the package at
> installs and behaves as advertised in various scenarios but haven't
> reviewed the diff (attached) yet.
Attached.
diff -Nru ghostscript-8.71~dfsg2/debian/changelog ghostscript-8.71~dfsg2/debian/changelog
--- ghostscript-8.71~dfsg2/debian/changelog 2010-12-26 16:28:14.000000000 -0600
+++ ghostscript-8.71~dfsg2/debian/changelog 2011-01-23 09:27:19.000000000 -0600
@@ -1,11 +1,28 @@
-ghostscript (8.71~dfsg2-6.1) unstable; urgency=medium
+ghostscript (8.71~dfsg2-8) unstable; urgency=low
- * Non-maintainer upload.
- * Fix various aspects of CVE-2010-2055:
- - Honor -P- command-line option (closes: #584653).
- - Set SEARCH_HERE_FIRST=0 by default (closes: #584663).
+ * Update VCS hints to track squeeze-targeted branch.
+ * Sync control.in with control:
+ + Add Michael Gilbert as uploader.
+ + Newline-delimit uploaders.
+ * Fix install arch-independent files in library package: they are
+ needed by library calls (not only by executables):
+ + Install /usr/share/ghostscript/* into libgs8.
+ + Install empty dir var/lib/ghostscript/CMap into libgs8 (as well as
+ into ghostscript where install scripts depend on it) as it is used
+ by symlink.
+ + Have libgs8 break and replace older ghostscript.
+ Closes: bug#485621, thanks to Tom Parker and others.
- -- Michael Gilbert <michael.s.gilbert@gmail.com> Thu, 09 Dec 2010 21:40:17 -0500
+ -- Jonas Smedegaard <dr@jones.dk> Sun, 23 Jan 2011 16:12:44 +0100
+
+ghostscript (8.71~dfsg2-7) unstable; urgency=low
+
+ * Add myself as an uploader.
+ * Fix various aspects of cve-2010-2055:
+ - Honor -P- command-line argument (closes: #584653).
+ - Set SEARCH_HERE_FIRST by default (closes: #584663).
+
+ -- Michael Gilbert <michael.s.gilbert@gmail.com> Sun, 12 Dec 2010 14:40:18 -0500
ghostscript (8.71~dfsg2-6) unstable; urgency=low
diff -Nru ghostscript-8.71~dfsg2/debian/control ghostscript-8.71~dfsg2/debian/control
--- ghostscript-8.71~dfsg2/debian/control 2010-12-09 21:17:15.000000000 -0600
+++ ghostscript-8.71~dfsg2/debian/control 2011-01-23 09:03:03.000000000 -0600
@@ -5,8 +5,8 @@
Build-Depends: cdbs (>= 0.4.70~),
autotools-dev,
debhelper (>= 6),
- devscripts (>= 2.10.7~),
dh-buildinfo,
+ devscripts (>= 2.10.7~),
libjpeg-dev,
libpaper-dev,
libpng-dev,
@@ -27,10 +27,13 @@
pkg-config,
d-shlibs (>= 0.43)
Standards-Version: 3.9.1
-Uploaders: Torsten Landschoff <torsten@debian.org>, Masayuki Hatta (mhatta) <mhatta@debian.org>
+Uploaders:
+ Torsten Landschoff <torsten@debian.org>,
+ Masayuki Hatta (mhatta) <mhatta@debian.org>,
+ Michael Gilbert <michael.s.gilbert@gmail.com>
Homepage: http://www.ghostscript.com/
Vcs-Git: git://git.debian.org/git/collab-maint/ghostscript.git
-Vcs-Browser: http://git.debian.org/?p=collab-maint/ghostscript.git;a=summary
+Vcs-Browser: http://git.debian.org/?p=collab-maint/ghostscript.git;a=shortlog;h=refs/heads/master-squeeze
Package: ghostscript
Architecture: any
@@ -125,6 +128,8 @@
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
+Replaces: ${cdbs:Replaces}
+Breaks: ${cdbs:Breaks}
Description: The Ghostscript PostScript/PDF interpreter Library
Ghostscript is used for PostScript/PDF preview and printing. Usually as
a back-end to a program such as ghostview, it can display PostScript and PDF
diff -Nru ghostscript-8.71~dfsg2/debian/control.in ghostscript-8.71~dfsg2/debian/control.in
--- ghostscript-8.71~dfsg2/debian/control.in 2010-08-19 01:31:41.000000000 -0500
+++ ghostscript-8.71~dfsg2/debian/control.in 2011-01-23 08:52:27.000000000 -0600
@@ -4,10 +4,13 @@
Maintainer: Jonas Smedegaard <dr@jones.dk>
Build-Depends: @cdbs@
Standards-Version: 3.9.1
-Uploaders: Torsten Landschoff <torsten@debian.org>, Masayuki Hatta (mhatta) <mhatta@debian.org>
+Uploaders:
+ Torsten Landschoff <torsten@debian.org>,
+ Masayuki Hatta (mhatta) <mhatta@debian.org>,
+ Michael Gilbert <michael.s.gilbert@gmail.com>
Homepage: http://www.ghostscript.com/
Vcs-Git: git://git.debian.org/git/collab-maint/ghostscript.git
-Vcs-Browser: http://git.debian.org/?p=collab-maint/ghostscript.git;a=summary
+Vcs-Browser: http://git.debian.org/?p=collab-maint/ghostscript.git;a=shortlog;h=refs/heads/master-squeeze
Package: ghostscript
Architecture: any
@@ -102,6 +105,8 @@
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
+Replaces: ${cdbs:Replaces}
+Breaks: ${cdbs:Breaks}
Description: The Ghostscript PostScript/PDF interpreter Library
Ghostscript is used for PostScript/PDF preview and printing. Usually as
a back-end to a program such as ghostview, it can display PostScript and PDF
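Review bot: The new `Replaces: ${cdbs:Replaces}` and `Breaks: ${cdbs:Breaks}` lines in the libgs8 stanza only protect the upgrade if both substvars expand to a versioned relation, and their values are set outside this hunk. Because /usr/share/ghostscript/* moves from ghostscript to libgs8, the expanded fields should read like `Breaks: ghostscript (<< FIRST_VERSION_WITH_MOVE)` and `Replaces: ghostscript (<< FIRST_VERSION_WITH_MOVE)` (placeholder version). An empty expansion would leave dpkg with a file conflict on upgrade, and an unversioned one would make libgs8 uninstallable alongside the fixed ghostscript. Confirm the result with `dpkg-deb -I` on the built libgs8 package; the same applies to the matching hunk in the generated debian/control.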
diff -Nru ghostscript-8.71~dfsg2/debian/gbp.conf ghostscript-8.71~dfsg2/debian/gbp.conf
--- ghostscript-8.71~dfsg2/debian/gbp.conf 2010-02-14 05:02:47.000000000 -0600
+++ ghostscript-8.71~dfsg2/debian/gbp.conf 2011-01-23 07:56:32.000000000 -0600
@@ -1,5 +1,6 @@
# Configuration file for git-buildpackage and friends
[DEFAULT]
+debian-branch = master-squeeze
pristine-tar = True
sign-tags = True
diff -Nru ghostscript-8.71~dfsg2/debian/ghostscript.install.in ghostscript-8.71~dfsg2/debian/ghostscript.install.in
--- ghostscript-8.71~dfsg2/debian/ghostscript.install.in 2010-05-18 09:02:21.000000000 -0500
+++ ghostscript-8.71~dfsg2/debian/ghostscript.install.in 2011-01-23 09:01:48.000000000 -0600
@@ -1,5 +1,4 @@
+# TODO: strip .in suffix from this file: variable no longer expanded
usr/bin/
usr/sbin/
-# install subdir explicitly, to fail if wrong (same var used for symlink too)
-usr/share/ghostscript/__ABI__/
usr/share/man/
diff -Nru ghostscript-8.71~dfsg2/debian/ghostscript.links.in ghostscript-8.71~dfsg2/debian/ghostscript.links.in
--- ghostscript-8.71~dfsg2/debian/ghostscript.links.in 2010-05-18 09:02:21.000000000 -0500
+++ ghostscript-8.71~dfsg2/debian/ghostscript.links.in 2011-01-23 09:01:55.000000000 -0600
@@ -1,4 +1,4 @@
-var/lib/ghostscript/CMap usr/share/ghostscript/__ABI__/Resource/CMap
+# TODO: strip .in suffix from this file: variable no longer expanded
usr/bin/gs usr/bin/ghostscript
usr/bin/ps2ascii usr/bin/ps2txt
usr/share/man/de/man1/ps2ps.1.gz usr/share/man/de/man1/eps2eps.1.gz
diff -Nru ghostscript-8.71~dfsg2/debian/libgs8.dirs ghostscript-8.71~dfsg2/debian/libgs8.dirs
--- ghostscript-8.71~dfsg2/debian/libgs8.dirs 1969-12-31 18:00:00.000000000 -0600
+++ ghostscript-8.71~dfsg2/debian/libgs8.dirs 2011-01-23 08:35:35.000000000 -0600
@@ -0,0 +1,2 @@
+# used only in ghostscript package, but linked from symlink shipped with library
+var/lib/ghostscript/CMap
diff -Nru ghostscript-8.71~dfsg2/debian/libgs8.install.in ghostscript-8.71~dfsg2/debian/libgs8.install.in
--- ghostscript-8.71~dfsg2/debian/libgs8.install.in 1969-12-31 18:00:00.000000000 -0600
+++ ghostscript-8.71~dfsg2/debian/libgs8.install.in 2011-01-23 08:30:00.000000000 -0600
@@ -0,0 +1,2 @@
+# install subdir explicitly, to fail if wrong (same var used for symlink too)
+usr/share/ghostscript/__ABI__/
diff -Nru ghostscript-8.71~dfsg2/debian/libgs8.links.in ghostscript-8.71~dfsg2/debian/libgs8.links.in
--- ghostscript-8.71~dfsg2/debian/libgs8.links.in 1969-12-31 18:00:00.000000000 -0600
+++ ghostscript-8.71~dfsg2/debian/libgs8.links.in 2011-01-23 08:36:36.000000000 -0600
@@ -0,0 +1 @@
+var/lib/ghostscript/CMap usr/share/ghostscript/__ABI__/Resource/CMap
diff -Nru ghostscript-8.71~dfsg2/debian/patches/1010_CVE-2010-2055_fix-584653.patch ghostscript-8.71~dfsg2/debian/patches/1010_CVE-2010-2055_fix-584653.patch
--- ghostscript-8.71~dfsg2/debian/patches/1010_CVE-2010-2055_fix-584653.patch 1969-12-31 18:00:00.000000000 -0600
+++ ghostscript-8.71~dfsg2/debian/patches/1010_CVE-2010-2055_fix-584653.patch 2011-01-23 07:50:39.000000000 -0600
@@ -0,0 +1,78 @@
+Description: Honor -P- option
+Author: Michael Gilbert <michael.s.gilbert@gmail.com>
+Debian-Bug: http://bugs.debian.org/584653
+Origin: http://svn.ghostscript.com/viewvc/trunk/gs/Resource/Init/gs_res.ps?r1=11510&r2=11515&view=patch
+Index: ghostscript-8.71~dfsg2/Resource/Init/gs_res.ps
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/Resource/Init/gs_res.ps 2010-01-31 15:30:13.000000000 -0500
++++ ghostscript-8.71~dfsg2/Resource/Init/gs_res.ps 2010-12-09 21:48:52.000000000 -0500
+@@ -557,46 +557,29 @@
+ { forall } 0 get
+ currentdict end 2 .execn begin
+ } bind
+-/.file_name_is_iodevice_or_absolute
+-{ {
+- dup length 0 gt {
+- dup 0 get (%) 0 get eq {
+- pop true exit
+- } if
+- } if
+- .file_name_is_absolute exit
+- } loop
+-} bind def
+-/ResourceFileName
+- { % /in (scr)
+- exch //.rfnstring cvs % (scr) (n)
+- /GenericResourcePathSep getsystemparam exch % (scr) (/) (n)
+- Category .namestring % (scr) (/) (n) (c)
+- 3 1 roll % (scr) (c) (/) (n)
+- concatstrings concatstrings % (scr) (c/n)
+- /GenericResourceDir getsystemparam //.file_name_is_iodevice_or_absolute exec not {
+- /GenericResourceDir getsystemparam exch concatstrings
+- findlibfile
+- { % (scr) (p/c/n) file
+- pop exch copy true % (p/c/n) true
+- } { % (scr) (c/n)
+- false % (scr) (c/n) false
+- } ifelse
+- } { % (scr) (c/n)
+- false % (scr) (c/n) false
+- } ifelse
+- not { % (scr) (c/n)
+- /GenericResourceDir getsystemparam % (scr) (c/n) (d/)
+- dup length exch % (scr) (c/n) Ld (d/)
+- 3 index copy pop % (scr') (c/n) Ld
+- 1 index length % (scr') (c/n) Ld Lcn
+- 3 index 3 copy pop % (scr') (c/n) Ld Lcn (scr') Ld Lcn
+- getinterval % (scr') (c/n) Ld Lcn (scr[Ld:Lcn])
+- 4 3 roll exch % (scr') Ld Lcn (c/n) (scr[Ld:Lcn])
+- copy pop % (scr'') Ld Lcn
+- add 0 exch getinterval % (scr''[0:Ld+Lcn])
+- } if
+- } bind
++
++/ResourceFileName { % /in (scr) --> (p/c/n)
++ exch //.rfnstring cvs % (scr) (n)
++ /GenericResourcePathSep getsystemparam exch % (scr) (/) (n)
++ Category .namestring % (scr) (/) (n) (c)
++ 3 1 roll % (scr) (c) (/) (n)
++ concatstrings concatstrings % (scr) (c/n)
++ /GenericResourceDir getsystemparam 1 index % (scr) (c/n) (p/) (c/n)
++ concatstrings % (scr) (c/n) (p/c/n)
++ dup status {
++ pop pop pop pop exch pop % (scr) (p/c/n)
++ } {
++ exch % (scr) (p/c/n) (c/n)
++ .libfile {
++ dup .filename pop % (scr) (p/c/n) file (p/c/n')
++ exch closefile % (scr) (p/c/n) (p/c/n')
++ exch pop % (scr) (p/c/n')
++ } {
++ pop % (scr) (p/c/n)
++ } ifelse
++ } ifelse
++ exch copy % (p/c/n)
++} bind
+
+ % Additional entries
+
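Review bot: In the new `ResourceFileName`, `dup status` runs unconditionally on GenericResourceDir concatenated with c/n, whereas the removed code first tested the directory with `.file_name_is_iodevice_or_absolute`. If GenericResourceDir can be a relative path in this build, that existence check would presumably resolve against the current directory before `.libfile` is consulted, sidestepping the search-order control that `-P-` is meant to give. Please confirm that the packaged GenericResourceDir is always absolute (or a %device% path) and record it in the patch header, for example by adding ` The direct status check assumes an absolute GenericResourceDir; the .libfile fallback follows the library search path.` under `Description: Honor -P- option`. The value dropped by `pop` after `.filename` (presumably a success flag, going by the stack comment) is never tested, so a short comment on why it cannot be false there would help the next reader.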
diff -Nru ghostscript-8.71~dfsg2/debian/patches/1010_CVE-2010-2055.patch ghostscript-8.71~dfsg2/debian/patches/1010_CVE-2010-2055.patch
--- ghostscript-8.71~dfsg2/debian/patches/1010_CVE-2010-2055.patch 2010-12-26 14:27:11.000000000 -0600
+++ ghostscript-8.71~dfsg2/debian/patches/1010_CVE-2010-2055.patch 1969-12-31 18:00:00.000000000 -0600
@@ -1,728 +0,0 @@
-Description: fix cve-2010-2055
-Author: Michael Gilbert <michael.s.gilbert@gmail.com>
-Debian-Bug: http://bugs.debian.org/584653
-Debian-Bug: http://bugs.debian.org/584663
-Index: ghostscript-8.71~dfsg2/base/bcwin32.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/bcwin32.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/bcwin32.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -78,13 +78,10 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
- !ifndef SEARCH_HERE_FIRST
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
- !endif
-
- # Define the name of the interpreter initialization file.
-Index: ghostscript-8.71~dfsg2/base/macos-mcp.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/macos-mcp.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/macos-mcp.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -53,12 +53,9 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
-
- # Define the name of the interpreter initialization file.
- # (There is no reason to change this.)
-Index: ghostscript-8.71~dfsg2/base/macosx.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/macosx.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/macosx.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -78,12 +78,9 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
-
- # Define the name of the interpreter initialization file.
- # (There is no reason to change this.)
-Index: ghostscript-8.71~dfsg2/base/Makefile.in
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/Makefile.in 2010-12-26 15:18:03.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/Makefile.in 2010-12-26 15:24:08.000000000 -0500
-@@ -96,12 +96,9 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
-
- # Define the name of the interpreter initialization file.
- # (There is no reason to change this.)
-Index: ghostscript-8.71~dfsg2/base/msvclib.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/msvclib.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/msvclib.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -49,13 +49,10 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
- !ifndef SEARCH_HERE_FIRST
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
- !endif
-
- # Define the name of the interpreter initialization file.
-Index: ghostscript-8.71~dfsg2/base/openvms.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/openvms.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/openvms.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -68,12 +68,9 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
-
- # Define the name of the interpreter initialization file.
- # (There is no reason to change this.)
-Index: ghostscript-8.71~dfsg2/base/openvms.mmk
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/openvms.mmk 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/openvms.mmk 2010-12-26 15:24:08.000000000 -0500
-@@ -73,12 +73,9 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
-
- # Define the name of the interpreter initialization file.
- # (There is no reason to change this.)
-Index: ghostscript-8.71~dfsg2/base/ugcclib.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/ugcclib.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/ugcclib.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -30,7 +30,7 @@
- gsdatadir = $(gsdir)/$(GS_DOT_VERSION)
- GS_DOCDIR=$(gsdatadir)/doc
- GS_LIB_DEFAULT=$(gsdatadir)/Resource/Init:$(gsdatadir)/lib:$(gsdatadir)/Resource/Font
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
- GS_INIT=gs_init.ps
-
- #GENOPT=-DDEBUG
-Index: ghostscript-8.71~dfsg2/base/unixansi.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/unixansi.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/unixansi.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -73,12 +73,9 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
-
- # Define the name of the interpreter initialization file.
- # (There is no reason to change this.)
-Index: ghostscript-8.71~dfsg2/base/unix-gcc.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/unix-gcc.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/unix-gcc.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -77,12 +77,9 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
-
- # Define the name of the interpreter initialization file.
- # (There is no reason to change this.)
-Index: ghostscript-8.71~dfsg2/base/watclib.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/watclib.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/watclib.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -20,7 +20,7 @@
- GSROOTDIR=$(AROOTDIR)/gs$(GS_DOT_VERSION)
- GS_DOCDIR=$(GSROOTDIR)/doc
- GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Init\;$(GSROOTDIR)/lib\;$(GSROOTDIR)/Resource/Font\;$(AROOTDIR)/fonts
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
- GS_INIT=gs_init.ps
-
- !ifndef DEBUG
-Index: ghostscript-8.71~dfsg2/base/watcw32.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/base/watcw32.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/base/watcw32.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -54,11 +54,8 @@
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
- # and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
-
- # Define the name of the interpreter initialization file.
- # (There is no reason to change this.)
-Index: ghostscript-8.71~dfsg2/doc/Use.htm
-===================================================================
---- ghostscript-8.71~dfsg2.orig/doc/Use.htm 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/doc/Use.htm 2010-12-26 15:24:08.000000000 -0500
-@@ -823,8 +823,8 @@
- using the name given. Otherwise it tries directories in this order:
-
- <ol>
--<li>The current directory (unless disabled by the
--<a href="#P-_switch"><code>-P-</code> switch</a>);
-+<li>The current directory if enabled by the
-+<a href="#P-_switch"><code>-P</code> switch</a>;
-
- <li>The directories specified by <a href="#I_switch"><code>-I</code>
- switches</a> in the command line, if any;
-@@ -847,13 +847,10 @@
- directory or a list of directories separated by a character appropriate for
- the operating system ("<code>:</code>" on Unix systems,
- "<code>,</code>" on VMS systems, and
--"<code>;</code>" on MS Windows systems). We think that trying
--the current directory first is a very bad idea -- it opens serious security
--loopholes and can lead to very confusing errors if one has more than one
--version of Ghostscript in one's environment -- but when we attempted to
--change it, users insisted that we change it back. You can disable looking
--in the current directory first by using the
--<a href="#P_switch"><code>-P-</code> switch</a>.
-+"<code>;</code>" on MS Windows systems).
-+By default, Ghostscript no longer searches the current directory first
-+but provides <a href="#P_switch"><code>-P</code> switch</a> for a degree
-+of backward compatibility.
-
- <p>
- Note that Ghostscript does not use this file searching algorithm for the
-@@ -2061,14 +2058,14 @@
- <dl>
- <dt><a name="P_switch"></a><code>-P</code>
- <dd>Makes Ghostscript look first in the current directory for library
--files. This is currently the default.
-+files.
- </dl>
-
- <dl>
- <dt><a name="P-_switch"></a><code>-P-</code>
- <dd>Makes Ghostscript <b><em>not</em></b> look first in the current
- directory for library files (unless, of course, the first explicitly
--supplied directory is "<code>.</code>").
-+supplied directory is "<code>.</code>"). This is now the default.
- </dl>
-
- <h4><a name="Parameters"></a>Setting parameters</h4>
-Index: ghostscript-8.71~dfsg2/man/gs.1
-===================================================================
---- ghostscript-8.71~dfsg2.orig/man/gs.1 2010-12-26 15:18:03.000000000 -0500
-+++ ghostscript-8.71~dfsg2/man/gs.1 2010-12-26 15:24:42.000000000 -0500
-@@ -208,6 +208,12 @@
- .br
- /name (35) def
- .TP
-+.B \-P
-+Makes Ghostscript to look first in the current directory for library files.
-+By default, Ghostscript no longer looks in the current directory,
-+unless, of course, the first explicitly supplied directory is "." in \fB-I\fR.
-+See also the \fBINITIALIZATION FILES\fR section below, and bundled
-+\fBUse.htm\fR for detailed discussion on search paths and how Ghostcript finds files.
- .B \-q
- Quiet startup: suppress normal startup messages, and also do the
- equivalent of \fB\-dQUIET\fR.
-Index: ghostscript-8.71~dfsg2/psi/msvc32.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/psi/msvc32.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/psi/msvc32.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -100,13 +100,10 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
- !ifndef SEARCH_HERE_FIRST
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
- !endif
-
- # Define the name of the interpreter initialization file.
-Index: ghostscript-8.71~dfsg2/psi/os2.mak
-===================================================================
---- ghostscript-8.71~dfsg2.orig/psi/os2.mak 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/psi/os2.mak 2010-12-26 15:24:08.000000000 -0500
-@@ -54,12 +54,9 @@
-
- # Define whether or not searching for initialization files should always
- # look in the current directory first. This leads to well-known security
--# and confusion problems, but users insist on it.
--# NOTE: this also affects searching for files named on the command line:
--# see the "File searching" section of Use.htm for full details.
--# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
-+# and confusion problems, but may be convenient sometimes.
-
--SEARCH_HERE_FIRST=1
-+SEARCH_HERE_FIRST=0
-
- # Define the name of the interpreter initialization file.
- # (There is no reason to change this.)
-Index: ghostscript-8.71~dfsg2/psi/zfile.c
-===================================================================
---- ghostscript-8.71~dfsg2.orig/psi/zfile.c 2009-10-04 08:42:07.000000000 -0400
-+++ ghostscript-8.71~dfsg2/psi/zfile.c 2010-12-26 15:24:08.000000000 -0500
-@@ -486,8 +486,13 @@
- struct stat fstat;
- int code = parse_file_name(op, &pname, i_ctx_p->LockFilePermissions);
-
-- if (code < 0)
-+ if (code < 0) {
-+ if (code == e_undefinedfilename) {
-+ make_bool(op, 0);
-+ code = 0;
-+ }
- return code;
-+ }
- code = gs_terminate_file_name(&pname, imemory, "status");
- if (code < 0)
- return code;
-@@ -903,6 +908,91 @@
- }
-
-
-+/* return zero for success, -ve for error, +1 for continue */
-+static int
-+lib_file_open_search_with_no_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p,
-+ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile,
-+ gx_io_device *iodev, bool starting_arg_file, char *fmode)
-+{
-+ stream *s;
-+ uint blen1 = blen;
-+ if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success)
-+ goto skip;
-+ if (iodev_os_open_file(iodev, (const char *)buffer, blen1,
-+ (const char *)fmode, &s, (gs_memory_t *)mem) == 0) {
-+ if (starting_arg_file ||
-+ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
-+ *pclen = blen1;
-+ make_stream_file(pfile, s, "r");
-+ return 0;
-+ }
-+ sclose(s);
-+ return_error(e_invalidfileaccess);
-+ }
-+ skip:;
-+ return 1;
-+}
-+
-+/* return zero for success, -ve for error, +1 for continue */
-+static int
-+lib_file_open_search_with_combine(gs_file_path_ptr lib_path, const gs_memory_t *mem, i_ctx_t *i_ctx_p,
-+ const char *fname, uint flen, char *buffer, int blen, uint *pclen, ref *pfile,
-+ gx_io_device *iodev, bool starting_arg_file, char *fmode)
-+{
-+ stream *s;
-+ const gs_file_path *pfpath = lib_path;
-+ uint pi;
-+
-+ for (pi = 0; pi < r_size(&pfpath->list); ++pi) {
-+ const ref *prdir = pfpath->list.value.refs + pi;
-+ const char *pstr = (const char *)prdir->value.const_bytes;
-+ uint plen = r_size(prdir), blen1 = blen;
-+ gs_parsed_file_name_t pname;
-+ gp_file_name_combine_result r;
-+
-+ /* We need to concatenate and parse the file name here
-+ * if this path has a %device% prefix. */
-+ if (pstr[0] == '%') {
-+ int code;
-+
-+ /* We concatenate directly since gp_file_name_combine_*
-+ * rules are not correct for other devices such as %rom% */
-+ code = gs_parse_file_name(&pname, pstr, plen);
-+ if (code < 0)
-+ continue;
-+ memcpy(buffer, pname.fname, pname.len);
-+ memcpy(buffer+pname.len, fname, flen);
-+ code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode,
-+ &s, (gs_memory_t *)mem);
-+ if (code < 0)
-+ continue;
-+ make_stream_file(pfile, s, "r");
-+ /* fill in the buffer with the device concatenated */
-+ memcpy(buffer, pstr, plen);
-+ memcpy(buffer+plen, fname, flen);
-+ *pclen = plen + flen;
-+ return 0;
-+ } else {
-+ r = gp_file_name_combine(pstr, plen,
-+ fname, flen, false, buffer, &blen1);
-+ if (r != gp_combine_success)
-+ continue;
-+ if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode,
-+ &s, (gs_memory_t *)mem) == 0) {
-+ if (starting_arg_file ||
-+ check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
-+ *pclen = blen1;
-+ make_stream_file(pfile, s, "r");
-+ return 0;
-+ }
-+ sclose(s);
-+ return_error(e_invalidfileaccess);
-+ }
-+ }
-+ }
-+ return 1;
-+}
-+
- /* Return a file object of of the file searched for using the search paths. */
- /* The fname cannot contain a device part (%...%) but the lib paths might. */
- /* The startup code calls this to open the initialization file gs_init.ps. */
-@@ -917,8 +1007,9 @@
- bool search_with_no_combine = false;
- bool search_with_combine = false;
- char fmode[4] = { 'r', 0, 0, 0 }; /* room for binary suffix */
-- stream *s;
- gx_io_device *iodev = iodev_default;
-+ gs_main_instance *minst = get_minst_from_memory(mem);
-+ int code;
-
- /* when starting arg files (@ files) iodev_default is not yet set */
- if (iodev == 0)
-@@ -932,75 +1023,36 @@
- search_with_no_combine = starting_arg_file;
- search_with_combine = true;
- }
-- if (search_with_no_combine) {
-- uint blen1 = blen;
--
-- if (gp_file_name_reduce(fname, flen, buffer, &blen1) != gp_combine_success)
-- goto skip;
-- if (iodev_os_open_file(iodev, (const char *)buffer, blen1,
-- (const char *)fmode, &s, (gs_memory_t *)mem) == 0) {
-- if (starting_arg_file ||
-- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
-- *pclen = blen1;
-- make_stream_file(pfile, s, "r");
-- return 0;
-- }
-- sclose(s);
-- return_error(e_invalidfileaccess);
-- }
-- skip:;
-- }
-- if (search_with_combine) {
-- const gs_file_path *pfpath = lib_path;
-- uint pi;
--
-- for (pi = 0; pi < r_size(&pfpath->list); ++pi) {
-- const ref *prdir = pfpath->list.value.refs + pi;
-- const char *pstr = (const char *)prdir->value.const_bytes;
-- uint plen = r_size(prdir), blen1 = blen;
-- gs_parsed_file_name_t pname;
-- gp_file_name_combine_result r;
--
-- /* We need to concatenate and parse the file name here
-- * if this path has a %device% prefix. */
-- if (pstr[0] == '%') {
-- int code;
--
-- /* We concatenate directly since gp_file_name_combine_*
-- * rules are not correct for other devices such as %rom% */
-- code = gs_parse_file_name(&pname, pstr, plen);
-- if (code < 0)
-- continue;
-- memcpy(buffer, pname.fname, pname.len);
-- memcpy(buffer+pname.len, fname, flen);
-- code = pname.iodev->procs.open_file(pname.iodev, buffer, pname.len + flen, fmode,
-- &s, (gs_memory_t *)mem);
-- if (code < 0)
-- continue;
-- make_stream_file(pfile, s, "r");
-- /* fill in the buffer with the device concatenated */
-- memcpy(buffer, pstr, plen);
-- memcpy(buffer+plen, fname, flen);
-- *pclen = plen + flen;
-- return 0;
-- } else {
-- r = gp_file_name_combine(pstr, plen,
-- fname, flen, false, buffer, &blen1);
-- if (r != gp_combine_success)
-- continue;
-- if (iodev_os_open_file(iodev, (const char *)buffer, blen1, (const char *)fmode,
-- &s, (gs_memory_t *)mem) == 0) {
-- if (starting_arg_file ||
-- check_file_permissions_aux(i_ctx_p, buffer, blen1) >= 0) {
-- *pclen = blen1;
-- make_stream_file(pfile, s, "r");
-- return 0;
-- }
-- sclose(s);
-- return_error(e_invalidfileaccess);
-- }
-- }
-- }
-+ if (minst->search_here_first) {
-+ if (search_with_no_combine) {
-+ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p,
-+ fname, flen, buffer, blen, pclen, pfile,
-+ iodev, starting_arg_file, fmode);
-+ if (code <= 0) /* +ve means continue continue */
-+ return code;
-+ }
-+ if (search_with_combine) {
-+ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p,
-+ fname, flen, buffer, blen, pclen, pfile,
-+ iodev, starting_arg_file, fmode);
-+ if (code <= 0) /* +ve means continue searching */
-+ return code;
-+ }
-+ } else {
-+ if (search_with_combine) {
-+ code = lib_file_open_search_with_combine(lib_path, mem, i_ctx_p,
-+ fname, flen, buffer, blen, pclen, pfile,
-+ iodev, starting_arg_file, fmode);
-+ if (code <= 0) /* +ve means continue searching */
-+ return code;
-+ }
-+ if (search_with_no_combine) {
-+ code = lib_file_open_search_with_no_combine(lib_path, mem, i_ctx_p,
-+ fname, flen, buffer, blen, pclen, pfile,
-+ iodev, starting_arg_file, fmode);
-+ if (code <= 0) /* +ve means continue searching */
-+ return code;
-+ }
- }
- return_error(e_undefinedfilename);
- }
-Index: ghostscript-8.71~dfsg2/Resource/Init/gs_fonts.ps
-===================================================================
---- ghostscript-8.71~dfsg2.orig/Resource/Init/gs_fonts.ps 2010-12-26 15:18:02.000000000 -0500
-+++ ghostscript-8.71~dfsg2/Resource/Init/gs_fonts.ps 2010-12-26 15:25:09.000000000 -0500
-@@ -945,7 +945,7 @@
- if
- }
- { % Font file name
-- .loadfontloop { true exit } if
-+ //true .loadfontloop { //true exit } if
- }
- ifelse
- }
-@@ -988,39 +988,47 @@
- /.genericrfn where {
- pop
- pop dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
-- .loadfontloop {
-+ //false .loadfontloop {
- //true
- } {
-- dup .nametostring .loadfontloop
-+ dup .nametostring
-+ //true .loadfontloop
- } ifelse
- } {
-- .loadfontloop
-+ //true .loadfontloop
- } ifelse
- } bind def
--/.loadfontloop { % <fontname> <filename> .loadfontloop
-+/.loadfontloop { % <fontname> <filename> <libflag> .loadfontloop
- % <font> true
- % -or-
- % <fontname> false
- % See above regarding the use of 'loop'.
- { % Is the font name a string?
-- dup type /stringtype ne
-- { QUIET not
-+ 1 index type /stringtype ne
-+ { pop
-+ QUIET not
- { (Can't find font with non-string name: ) print dup =only (.) = flush
- }
-- if pop false exit
-- }
-- if
-- % Can we open the file?
-- findlibfile not
-- { QUIET not
-+ if pop //false exit
-+ } if
-+
-+ % check <libflag>
-+ {
-+ findlibfile not
-+ } {
-+ dup (r) { file } stopped {
-+ pop pop //true
-+ } {
-+ //false
-+ } ifelse
-+ } ifelse {
-+ QUIET not
- { (Can't find \(or can't open\) font file ) print dup print
- (.) = flush
- }
- if pop false exit
-- }
-- if
--
-- % Stack: fontname fontfilename fontfile
-+ } if
-+ % Stack: fontname fontfilename fontfile
- DISKFONTS
- { .currentglobal true .setglobal
- 2 index (r) file
-Index: ghostscript-8.71~dfsg2/Resource/Init/gs_res.ps
-===================================================================
---- ghostscript-8.71~dfsg2.orig/Resource/Init/gs_res.ps 2010-12-26 15:12:41.000000000 -0500
-+++ ghostscript-8.71~dfsg2/Resource/Init/gs_res.ps 2010-12-26 15:24:08.000000000 -0500
-@@ -287,7 +287,8 @@
- } {
- (Resource) search {
- exch concatstrings
-- exch 0 1 getinterval concatstrings exit
-+ exch pop
-+ .file_name_separator concatstrings exit
- } {
- pop
- } ifelse
-@@ -557,46 +558,29 @@
- { forall } 0 get
- currentdict end 2 .execn begin
- } bind
--/.file_name_is_iodevice_or_absolute
--{ {
-- dup length 0 gt {
-- dup 0 get (%) 0 get eq {
-- pop true exit
-- } if
-- } if
-- .file_name_is_absolute exit
-- } loop
--} bind def
--/ResourceFileName
-- { % /in (scr)
-- exch //.rfnstring cvs % (scr) (n)
-- /GenericResourcePathSep getsystemparam exch % (scr) (/) (n)
-- Category .namestring % (scr) (/) (n) (c)
-- 3 1 roll % (scr) (c) (/) (n)
-- concatstrings concatstrings % (scr) (c/n)
-- /GenericResourceDir getsystemparam //.file_name_is_iodevice_or_absolute exec not {
-- /GenericResourceDir getsystemparam exch concatstrings
-- findlibfile
-- { % (scr) (p/c/n) file
-- pop exch copy true % (p/c/n) true
-- } { % (scr) (c/n)
-- false % (scr) (c/n) false
-- } ifelse
-- } { % (scr) (c/n)
-- false % (scr) (c/n) false
-- } ifelse
-- not { % (scr) (c/n)
-- /GenericResourceDir getsystemparam % (scr) (c/n) (d/)
-- dup length exch % (scr) (c/n) Ld (d/)
-- 3 index copy pop % (scr') (c/n) Ld
-- 1 index length % (scr') (c/n) Ld Lcn
-- 3 index 3 copy pop % (scr') (c/n) Ld Lcn (scr') Ld Lcn
-- getinterval % (scr') (c/n) Ld Lcn (scr[Ld:Lcn])
-- 4 3 roll exch % (scr') Ld Lcn (c/n) (scr[Ld:Lcn])
-- copy pop % (scr'') Ld Lcn
-- add 0 exch getinterval % (scr''[0:Ld+Lcn])
-- } if
-- } bind
-+
-+/ResourceFileName { % /in (scr) --> (p/c/n)
-+ exch //.rfnstring cvs % (scr) (n)
-+ /GenericResourcePathSep getsystemparam exch % (scr) (/) (n)
-+ Category .namestring % (scr) (/) (n) (c)
-+ 3 1 roll % (scr) (c) (/) (n)
-+ concatstrings concatstrings % (scr) (c/n)
-+ /GenericResourceDir getsystemparam 1 index % (scr) (c/n) (p/) (c/n)
-+ concatstrings % (scr) (c/n) (p/c/n)
-+ dup status {
-+ pop pop pop pop exch pop % (scr) (p/c/n)
-+ } {
-+ exch % (scr) (p/c/n) (c/n)
-+ .libfile {
-+ dup .filename pop % (scr) (p/c/n) file (p/c/n')
-+ exch closefile % (scr) (p/c/n) (p/c/n')
-+ exch pop % (scr) (p/c/n')
-+ } {
-+ pop % (scr) (p/c/n)
-+ } ifelse
-+ } ifelse
-+ exch copy % (p/c/n)
-+} bind
-
- % Additional entries
-
-Index: ghostscript-8.71~dfsg2/toolbin/msvcxml.bat
-===================================================================
---- ghostscript-8.71~dfsg2.orig/toolbin/msvcxml.bat 2010-12-26 15:12:33.000000000 -0500
-+++ ghostscript-8.71~dfsg2/toolbin/msvcxml.bat 2010-12-26 15:24:08.000000000 -0500
-@@ -1428,7 +1428,7 @@
- echo ^<UserMacro Name="GS_INIT" Value="gs_init.ps" /^>
- echo ^<UserMacro Name="GS_LIB_DEFAULT" Value="$(GSROOTDIR)/lib;$(GSROOTDIR)/Resource/Font;$(AROOTDIR)/fonts" /^>
- echo ^<UserMacro Name="GS_REVISION" Value="$(GS_VERSION)" /^>
--echo ^<UserMacro Name="SEARCH_HERE_FIRST" Value="1" /^>
-+echo ^<UserMacro Name="SEARCH_HERE_FIRST" Value="0" /^>
- echo ^</VisualStudioPropertySheet^>
- goto end
-
diff -Nru ghostscript-8.71~dfsg2/debian/patches/1011_CVE-2010-2055_fix-584663.patch ghostscript-8.71~dfsg2/debian/patches/1011_CVE-2010-2055_fix-584663.patch
--- ghostscript-8.71~dfsg2/debian/patches/1011_CVE-2010-2055_fix-584663.patch 1969-12-31 18:00:00.000000000 -0600
+++ ghostscript-8.71~dfsg2/debian/patches/1011_CVE-2010-2055_fix-584663.patch 2011-01-23 07:50:39.000000000 -0600
@@ -0,0 +1,321 @@
+Description: use SEARCH_HERE_FIRST=0
+Author: Michael Gilbert <michael.s.gilbert@gmail.com>
+Debian-Bug: http://bugs.debian.org/584663
+Index: ghostscript-8.71~dfsg2/psi/msvc32.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/psi/msvc32.mak 2010-02-02 13:14:37.000000000 -0500
++++ ghostscript-8.71~dfsg2/psi/msvc32.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -100,13 +100,10 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+ !ifndef SEARCH_HERE_FIRST
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ !endif
+
+ # Define the name of the interpreter initialization file.
+Index: ghostscript-8.71~dfsg2/psi/os2.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/psi/os2.mak 2009-11-05 17:24:30.000000000 -0500
++++ ghostscript-8.71~dfsg2/psi/os2.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -54,12 +54,9 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+Index: ghostscript-8.71~dfsg2/doc/Use.htm
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/doc/Use.htm 2010-02-10 13:17:48.000000000 -0500
++++ ghostscript-8.71~dfsg2/doc/Use.htm 2010-12-09 22:01:33.000000000 -0500
+@@ -823,8 +823,8 @@
+ using the name given. Otherwise it tries directories in this order:
+
+ <ol>
+-<li>The current directory (unless disabled by the
+-<a href="#P-_switch"><code>-P-</code> switch</a>);
++<li>The current directory if enabled by the
++<a href="#P-_switch"><code>-P</code> switch</a>;
+
+ <li>The directories specified by <a href="#I_switch"><code>-I</code>
+ switches</a> in the command line, if any;
+@@ -847,13 +847,10 @@
+ directory or a list of directories separated by a character appropriate for
+ the operating system ("<code>:</code>" on Unix systems,
+ "<code>,</code>" on VMS systems, and
+-"<code>;</code>" on MS Windows systems). We think that trying
+-the current directory first is a very bad idea -- it opens serious security
+-loopholes and can lead to very confusing errors if one has more than one
+-version of Ghostscript in one's environment -- but when we attempted to
+-change it, users insisted that we change it back. You can disable looking
+-in the current directory first by using the
+-<a href="#P_switch"><code>-P-</code> switch</a>.
++"<code>;</code>" on MS Windows systems).
++By default, Ghostscript no longer searches the current directory first
++but provides <a href="#P_switch"><code>-P</code> switch</a> for a degree
++of backward compatibility.
+
+ <p>
+ Note that Ghostscript does not use this file searching algorithm for the
+@@ -2061,14 +2058,14 @@
+ <dl>
+ <dt><a name="P_switch"></a><code>-P</code>
+ <dd>Makes Ghostscript look first in the current directory for library
+-files. This is currently the default.
++files.
+ </dl>
+
+ <dl>
+ <dt><a name="P-_switch"></a><code>-P-</code>
+ <dd>Makes Ghostscript <b><em>not</em></b> look first in the current
+ directory for library files (unless, of course, the first explicitly
+-supplied directory is "<code>.</code>").
++supplied directory is "<code>.</code>"). This is now the default.
+ </dl>
+
+ <h4><a name="Parameters"></a>Setting parameters</h4>
+Index: ghostscript-8.71~dfsg2/toolbin/msvcxml.bat
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/toolbin/msvcxml.bat 2009-01-26 12:16:47.000000000 -0500
++++ ghostscript-8.71~dfsg2/toolbin/msvcxml.bat 2010-12-09 22:01:33.000000000 -0500
+@@ -1428,7 +1428,7 @@
+ echo ^<UserMacro Name="GS_INIT" Value="gs_init.ps" /^>
+ echo ^<UserMacro Name="GS_LIB_DEFAULT" Value="$(GSROOTDIR)/lib;$(GSROOTDIR)/Resource/Font;$(AROOTDIR)/fonts" /^>
+ echo ^<UserMacro Name="GS_REVISION" Value="$(GS_VERSION)" /^>
+-echo ^<UserMacro Name="SEARCH_HERE_FIRST" Value="1" /^>
++echo ^<UserMacro Name="SEARCH_HERE_FIRST" Value="0" /^>
+ echo ^</VisualStudioPropertySheet^>
+ goto end
+
+Index: ghostscript-8.71~dfsg2/base/ugcclib.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/ugcclib.mak 2008-11-05 15:41:22.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/ugcclib.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -30,7 +30,7 @@
+ gsdatadir = $(gsdir)/$(GS_DOT_VERSION)
+ GS_DOCDIR=$(gsdatadir)/doc
+ GS_LIB_DEFAULT=$(gsdatadir)/Resource/Init:$(gsdatadir)/lib:$(gsdatadir)/Resource/Font
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ GS_INIT=gs_init.ps
+
+ #GENOPT=-DDEBUG
+Index: ghostscript-8.71~dfsg2/base/bcwin32.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/bcwin32.mak 2009-11-05 17:24:30.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/bcwin32.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -78,13 +78,10 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+ !ifndef SEARCH_HERE_FIRST
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ !endif
+
+ # Define the name of the interpreter initialization file.
+Index: ghostscript-8.71~dfsg2/base/macos-mcp.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/macos-mcp.mak 2009-11-05 17:24:30.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/macos-mcp.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -53,12 +53,9 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+Index: ghostscript-8.71~dfsg2/base/watclib.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/watclib.mak 2009-01-08 04:17:18.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/watclib.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -20,7 +20,7 @@
+ GSROOTDIR=$(AROOTDIR)/gs$(GS_DOT_VERSION)
+ GS_DOCDIR=$(GSROOTDIR)/doc
+ GS_LIB_DEFAULT=$(GSROOTDIR)/Resource/Init\;$(GSROOTDIR)/lib\;$(GSROOTDIR)/Resource/Font\;$(AROOTDIR)/fonts
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ GS_INIT=gs_init.ps
+
+ !ifndef DEBUG
+Index: ghostscript-8.71~dfsg2/base/openvms.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/openvms.mak 2009-11-05 17:24:30.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/openvms.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -68,12 +68,9 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+Index: ghostscript-8.71~dfsg2/base/unix-gcc.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/unix-gcc.mak 2009-11-11 10:50:28.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/unix-gcc.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -77,12 +77,9 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+Index: ghostscript-8.71~dfsg2/base/unixansi.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/unixansi.mak 2009-11-05 17:24:30.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/unixansi.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -73,12 +73,9 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+Index: ghostscript-8.71~dfsg2/base/macosx.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/macosx.mak 2008-10-02 15:33:22.000000000 -0400
++++ ghostscript-8.71~dfsg2/base/macosx.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -78,12 +78,9 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+Index: ghostscript-8.71~dfsg2/base/openvms.mmk
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/openvms.mmk 2009-01-08 04:17:18.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/openvms.mmk 2010-12-09 22:01:33.000000000 -0500
+@@ -73,12 +73,9 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+Index: ghostscript-8.71~dfsg2/base/msvclib.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/msvclib.mak 2010-01-07 05:53:36.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/msvclib.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -49,13 +49,10 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+ !ifndef SEARCH_HERE_FIRST
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+ !endif
+
+ # Define the name of the interpreter initialization file.
+Index: ghostscript-8.71~dfsg2/base/watcw32.mak
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/watcw32.mak 2009-11-05 17:24:30.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/watcw32.mak 2010-12-09 22:01:33.000000000 -0500
+@@ -54,11 +54,8 @@
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+ # and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
+Index: ghostscript-8.71~dfsg2/base/Makefile.in
+===================================================================
+--- ghostscript-8.71~dfsg2.orig/base/Makefile.in 2010-12-09 21:46:33.000000000 -0500
++++ ghostscript-8.71~dfsg2/base/Makefile.in 2010-12-09 22:01:33.000000000 -0500
+@@ -96,12 +96,9 @@
+
+ # Define whether or not searching for initialization files should always
+ # look in the current directory first. This leads to well-known security
+-# and confusion problems, but users insist on it.
+-# NOTE: this also affects searching for files named on the command line:
+-# see the "File searching" section of Use.htm for full details.
+-# Because of this, setting SEARCH_HERE_FIRST to 0 is not recommended.
++# and confusion problems, but may be convenient sometimes.
+
+-SEARCH_HERE_FIRST=1
++SEARCH_HERE_FIRST=0
+
+ # Define the name of the interpreter initialization file.
+ # (There is no reason to change this.)
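Review bot: In the doc/Use.htm part of this new patch, the rewritten search-order list item says the current directory is used "if enabled by the -P switch", but its link still targets `#P-_switch`, which is the anchor of the `-P-` entry. It should read `<a href="#P_switch"><code>-P</code> switch</a>;`, as the second Use.htm hunk already does. The base/watcw32.mak hunk also keeps the comment line `# and confusion problems, but users insist on it.` while setting `SEARCH_HERE_FIRST=0`, where every other makefile in the patch rewords it to "but may be convenient sometimes". Neither point changes the built default, but these texts are where an administrator checks whether the current-directory search is off, so they should agree with the new default.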
diff -Nru ghostscript-8.71~dfsg2/debian/patches/series ghostscript-8.71~dfsg2/debian/patches/series
--- ghostscript-8.71~dfsg2/debian/patches/series 2010-12-26 14:12:51.000000000 -0600
+++ ghostscript-8.71~dfsg2/debian/patches/series 2011-01-23 07:50:39.000000000 -0600
@@ -56,6 +56,7 @@
1007_fix_pphs_script_not_lib.patch
1008_CVE-2009-4270.patch
1009_fix-build-of-executables.patch
+1010_CVE-2010-2055_fix-584653.patch
+1011_CVE-2010-2055_fix-584663.patch
2001_docdir_fix_for_debian.patch
2002_gs_man_fix_debian.patch
-1010_CVE-2010-2055.patch
diff -Nru ghostscript-8.71~dfsg2/debian/rules ghostscript-8.71~dfsg2/debian/rules
--- ghostscript-8.71~dfsg2/debian/rules 2010-08-19 01:54:17.000000000 -0500
+++ ghostscript-8.71~dfsg2/debian/rules 2011-01-23 08:51:01.000000000 -0600
@@ -290,6 +290,11 @@
CDBS_CONFLICTS_ghostscript-cups += , ghostscript (<< 8.64~dfsg-8)
CDBS_REPLACES_ghostscript-cups += , ghostscript (<< 8.64~dfsg-8)
+# Transition: arch-indep files moved from ghostscript to libgs8
+# TODO: drop when libgs8 is dropped
+CDBS_REPLACES_libgs8 += , ghostscript (<< 8.71~dfsg2-7)
+CDBS_BREAKS_libgs8 += , ghostscript (<< 8.71~dfsg2-7)
+
# Needed for our packaging
# * recent d-shlibs needed to handle unversioned -dev package and
# suppress library dependency here declared indirectly using CDBS
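Review bot: The version bound `(<< 8.71~dfsg2-7)` on the added `CDBS_REPLACES_libgs8` and `CDBS_BREAKS_libgs8` lines looks one revision too low. The changelog lists the move of /usr/share/ghostscript/* into libgs8 under 8.71~dfsg2-8, so if ghostscript 8.71~dfsg2-7 still ships those files, libgs8 from -8 neither replaces nor breaks it and a partial upgrade could stop on a file conflict. `CDBS_REPLACES_libgs8 += , ghostscript (<< 8.71~dfsg2-8)` and the same bound on the Breaks line would cover that case. This should be confirmed against the contents of the -7 binary package.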